Jakarta. App-based ride-hailing service Grab announced the launch of a "bug bounty" program that offers rewards from $100 to $10,000 for hackers who can identify security weaknesses on the platform.
According to a statement from the company released on Friday (14/07), the size of the rewards will depend on the severity of the bug.
The bug bounty program opens up to the public Grab’s existing private program with HackerOne, the leading bug bounty and vulnerability disclosure platform provider, which has already resolved nearly 200 vulnerability points in the Grab app.
Building on the success of the private bug bounty program, Grab’s public program will invite over 100,000 hackers who are part of the HackerOne network to search for more unknown security vulnerabilities on its platform.
Grab is the latest company to hire HackerOne to improve security, joining automaker General Motors, social media and microblogging platform Twitter, coffee-shop chain Starbucks, video game company Nintendo and over 800 other companies embracing hacker-powered security.
"Sophisticated and far-reaching security measures, such as those made accessible through HackerOne’s platform, are vital to earn the trust of our passengers and drivers," Grab Engineering Director Ditesh Kumar said.
"We believe no technology is perfect and working with a diverse portfolio of skilled security researchers is crucial to build the safest technology possible."
Grab also considers HackerOne's bug bounty programs cost-effective and a way to identify vulnerabilities in its system faster.
HackerOne's chief technology officer and founder agreed that working with the hacker community is an effective way to find security gaps in the Grab platform.
"The launch of Grab’s public bug bounty program signals the company's commitment to work with the largest hacker community to protect over 45 million mobile customers."
In total, more than 50,000 security vulnerabilities have been resolved by HackerOne for more than 800 organizations globally, including Adobe, the US Department of Defense, GitHub, Intel, Slack, Qualcomm and more.
More information about Grab’s public bug bounty program can be found on https://hackerone.com/grab.